[rt-users] RT 3.8: questions on Kerberos, LDAP, and guest account setup
Ivan Shmakov
ivan at gray.siamics.net
Fri Jun 10 11:35:02 EDT 2011
>>>>> Kevin Falcone <falcone at bestpractical.com> writes:
>>>>> On Thu, Jun 09, 2011 at 09:57:49PM +0700, Ivan Shmakov wrote:
[…]
>> Also, I wonder, is it possible to make RT refer to LDAP for
>> certain information (like: login name, real name, e-mail, etc.)
>> about its users? It could easily become a painful experience to
>> either synchronize the RT user database with LDAP, or to
>> maintain the informations in both of the places simultaneously.
> Sounds like you want RT-Extension-LDAPImport
I'll check it, thanks.
>> Additionally, I have set up an Unprivileged “guest” account.
>> However, this configuration results in the user being presented with
>> a somewhat “limited” Web interface (in particular, it lacks the
>> Search facility.) Should I make this account Privileged instead, or
>> is there another easy way of setting up a “read-only” account with
>> the Search facility being active?
> If you want the advanced search, you want a Privileged user.
Is it merely a limitation of the implementation, or something
deeper?
The inconvenience of setting up a Privileged guest account is
that it will be necessary to maintain a separate group, whose
members (which are all the Privileged users except the guest
account) are actually granted “write access” to the tickets.
With guest account now being Unprivileged, the Privileged group
fulfills this role.
> Unprivileged users are only going to see tickets that they're the
> Requestor of.
Apparently, it's not the case: I was able to see all the tickets
belonging to the queues for which Everyone is granted SeeQueue
and ShowTicket permissions. (RT 3.8.8 debian 7.)
--
FSF associate member #7257
More information about the rt-users
mailing list